Romania's national oil pipeline operator Conpet suffered a cyberattack that disrupted its business systems and website. Its operational technology was unaffected, so pipeline operations continued without disruption. The Qilin ransomware group has claimed responsibility.

Romanian oil pipeline operator Conpet disclosed a cyberattack this week that disrupted its corporate IT systems and forced its website offline. Despite the breach, the company confirmed its core pipeline operations—transporting crude oil and derivatives across nearly 4,000 kilometers of infrastructure—remained functional, preventing supply chain interruptions.
The attack, detected on Tuesday, targeted Conpet's business networks but left operational technology (OT) systems unscathed. In an official statement, Conpet emphasized that its Supervisory Control and Data Acquisition (SCADA) and Telecommunications systems were unaffected, allowing uninterrupted transport of crude oil and gasoline. The company is collaborating with Romania's national cybersecurity authorities to investigate the incident and restore systems, while also filing a criminal complaint with the Directorate for Investigating Organized Crime and Terrorism (DIICOT).
Qilin ransomware operators claimed responsibility, listing Conpet on their dark web leak site and alleging theft of nearly 1TB of data.
They published samples including financial documents and passport scans as proof. Active since 2022 under the alias 'Agenda,' Qilin operates as a Ransomware-as-a-Service (RaaS) group and has claimed nearly 400 victims globally. High-profile targets include Nissan, Asahi, and Australia's Court Services Victoria.
This incident continues a troubling pattern of attacks on Romanian critical infrastructure. In recent months, ransomware groups compromised Romanian Waters (water management), Oltenia Energy Complex (coal-based energy), Electrica Group (electricity distribution), and over 100 hospitals. These repeated breaches highlight systemic vulnerabilities in national infrastructure.
Practical Takeaways for Critical Infrastructure Operators
- Segregate OT and IT Networks: Conpet's OT isolation prevented operational disruption. Physical or logical separation between corporate networks and industrial control systems (like SCADA) limits attack surfaces.
- Implement Dark Web Monitoring: Early detection of leaked data or ransomware claims can accelerate incident response. Services like KELA or DarkOwl track threat actor activity.
- Develop Authority Partnerships: Conpet's coordination with DIICOT and cybersecurity agencies streamlined recovery. Establish pre-incident relationships with organizations like CISA or national CERTs.
- Test Recovery Plans: Regular backup validation ensures operational continuity during attacks. Follow frameworks like NIST's SP 800-184 for disaster recovery.
While Conpet avoided worst-case scenarios this time, the attack underscores ransomware's persistent threat to energy sectors. Proactive defenses, not just reactive measures, remain essential.
